Login

Synopsis

The remote host is potentially affected by an SSL/TLS vulnerability.

Description

The remote host is running a version of Gaia Operating Systemthat is potentially affected by a man-in-the-middle (MitM) informationdisclosure vulnerability known as POODLE. The vulnerability is due tothe way SSL 3.0 handles padding bytes when decrypting messagesencrypted using block ciphers in cipher block chaining (CBC) mode.MitM attackers can decrypt a selected byte of a cipher text in as fewas 256 tries if they are able to force a victim application torepeatedly send the same data over newly created SSL 3.0 connections.As long as a client and service both support SSLv3, a connection canbe 'rolled back' to SSLv3, even if TLSv1 or newer is supported by theclient and service.The TLS Fallback SCSV mechanism prevents 'version rollback' attackswithout impacting legacy clients; however, it can only protectconnections when the client and service support the mechanism. Sitesthat cannot disable SSLv3 immediately should enable this mechanism.This is a vulnerability in the SSLv3 specification, not in anyparticular SSL implementation. Disabling SSLv3 is the only way tocompletely mitigate the vulnerability.

Solution

Apply the vendor supplied patch, mitigations or contact the vendorfor further information.